AnchorFree provides the Hotspot Shield VPN app claiming it allows to protect users from online tracking, but, according to a complaint filed with the FTC, the application gathers data and shares it according to its privacy policy.

The VPN service injects ads and JavaScript code for advertising purposes into user’s browser when connected through Hotspot Shield exposing them to online monitoring.

“Hotspot Shield tells customers that their privacy and security are ‘guaranteed’ but their actual practices starkly contradict this,” said Michelle De Mooy, Director of CDT’s Privacy & Data Project, in a statement. “They are sharing sensitive information with third party advertisers and exposing users’ data to leaks or outside attacks.”

The experts that analyzed the source code of the application discovered the company is using several tracking libraries, it is very curious considering the company’s motto was “Don’t let ISPs monetize your web history: Use Hotspot Shield,”.

“Contrary to Hotspot Shield’s claims, the VPN has been found to be actively injectingJavaScript codes using iframes for advertising and tracking purposes. An iframe, or“inline frame,” is an HTML tag that can be used to embed content from another site orservice onto a webpage; iframes are frequently used to insert advertising, but can also be used to inject other malicious or unwanted code onto a webpage. Further analysis of Hotspot Shield’s reverse-engineered source code revealed that the” continues the compliant.“VPN uses more than five different third-party tracking libraries, contradicting 34statements that Hotspot Shield ensures anonymous and private web browsing.”